oss-sec mailing list archives
Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE?
From: yersinia <yersinia.spiros () gmail com>
Date: Tue, 8 Dec 2020 20:01:14 +0100
At this link, multiple security bugs of various kinds are highlighted in very widespread basic cryptographic applications, which have then been corrected. I haven't done a deep analysis on all of them but I haven't found any associated CVEs of some of them. Do I have to assume that they weren't all that important or that the process of reporting them was missing? Thanks https://github.com/guidovranken/cryptofuzz
Current thread:
- Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? yersinia (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Eric Biggers (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Robert Watson (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Seth Arnold (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Douglas Bagnall (Dec 15)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Robert Watson (Dec 08)
- Re: Bugs found by Cryptofuzz - some missing CVEs or too low impact for CVE? Eric Biggers (Dec 08)